A password security expert at Stricture Consulting Group has revealed top 100 passwords being used by Adobe’s customers and has claimed that nearly two million of them used the easily guessable string ‘123456’ as their password.
Jeremi Gosney of the Stricture Group analyzed the Adobe hack password dumps he stumbled upon on the web and has revealed that easy to guess password, other than ‘123456’, such as ‘123456789’, ‘password’ and ‘adobe123’ were being used by hundreds of thousands of users. This highlights the fact that users are still bad at picking their passwords and lack awareness when it comes to online security.
The group claimed that it doesn’t have access to Adobe’s keys however, they were able to retrieve the top 100 passwords used by Adobe users.
“…thanks to Adobe choosing symmetric key encryption over hashing, selecting ECB mode, and using the same key for every password, combined with a large number of known plaintexts and the generosity of users who flat-out gave us their password in their password hint, this is not preventing us from presenting you with this list of the top 100 passwords selected by Adobe users”, noted Stricture.
The security company revealed that there is no way of verifying the information they have presented, but they are ‘fairly’ confident about the accuracy of the list they have published.
If the list is indeed accurate, it means that beyond lack of user awareness about general online security, there is a severe lapse on Adobe’s side for allowing users to have such easily guessable character strings as passwords.